Paper 2006/297

Forward-Secure Signatures with Untrusted Update

Xavier Boyen, Hovav Shacham, Emily Shen, and Brent Waters


In most forward-secure signature constructions, a program that updates a user's private signing key must have full access to the private key. Unfortunately, these schemes are incompatible with several security architectures including Gnu Privacy Guard (GPG) and S/MIME, where the private key is encrypted under a user password as a ``second factor'' of security, in case the private key storage is corrupted, but the password is not. We introduce the concept of forward-secure signatures with untrusted update, where the key update can be performed on an encrypted version of the key. Forward secure signatures with untrusted update allow us to add forward security to signatures, while still keeping passwords as a second factor of security. We provide a construction that has performance characteristics comparable with the best existing forward-secure signatures. In addition, we describe how to modify the Bellare-Miner forward secure signature scheme to achieve untrusted update.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. An extended abstract is to appear in ACM CCS 2006.
Contact author(s)
xb @ boyen org
2006-08-31: received
Short URL
Creative Commons Attribution


      author = {Xavier Boyen and Hovav Shacham and Emily Shen and Brent Waters},
      title = {Forward-Secure Signatures with Untrusted Update},
      howpublished = {Cryptology ePrint Archive, Paper 2006/297},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.